Fix UnknownAttributeError on NetworkHost/NetworkService.create #3574

Open
sethumadh wants to merge 3 commits into beefproject:master from sethumadh:bugfix/3493-3498-ntype-attribute

@sethumadh commented May 20, 2026

Category

Bug

Feature/Issue Description

Q: Please give a brief summary of your feature/fix
A: Closes #3493 and #3498. Multiple recon modules were calling NetworkService.create(..., type: ...) and NetworkHost.create(..., type: ...), but the DB column is ntype, not type (the migration author renamed it because type is a Rails STI reserved word). Every such call raised ActiveModel::UnknownAttributeError at runtime. #3493 and #3498 are two reported bugs of the same root cause and this PR fixes all 16 broken callsites across 12 files.

Q: Give a technical rundown of what you have changed (if applicable)
A:

Root cause: the migration at core/main/ar-migrations/014_create_network_service.rb and 013_create_network_host.rb names the column ntype.

Investigation chain:

  1. Started with Fingerprint Routers Scanner Module Error #3498 (Fingerprint Routers crash). Read the migration, identified the STI reason for the rename.
  2. Checked extensions/network/models/network_service.rb and network_host.rb for any alias_attribute :type, :ntype.
  3. Grepped the codebase for the same pattern. Found 16 broken instances across 12 files:
       NetworkService.create(..., type: ...)   11 instances had the bug
       NetworkHost.create(..., type: ...)       5 instances had the bug

#3493 and #3498 are two reported bugs and 14 other instances were not reported as bugs by users.

Reproduction (#3498 in Firefox):

ActiveModel::UnknownAttributeError: unknown attribute 'type' for BeEF::Core::Models::NetworkService.
Did you mean?  ntype=
        from .../modules/network/jslanscanner/module.rb:29:in 'Fingerprint_routers#post_execute'
        from .../core/main/handlers/commands.rb:60:in 'BeEF::Core::Handlers::Commands#setup'

The fix: 16 line changes across 12 files. type: becomes ntype: in every .create call against NetworkService or NetworkHost.

Files changed:

  • core/main/handlers/browserdetails.rb
  • modules/exploits/router/asus_rt_n12e_get_info/module.rb
  • modules/host/detect_airdroid/module.rb
  • modules/host/detect_cups/module.rb
  • modules/network/cross_origin_scanner_cors/module.rb
  • modules/network/cross_origin_scanner_flash/module.rb
  • modules/network/detect_burp/module.rb
  • modules/network/get_http_servers/module.rb
  • modules/network/get_ntop_network_hosts/module.rb
  • modules/network/get_proxy_servers_wpad/module.rb
  • modules/network/internal_network_fingerprinting/module.rb
  • modules/network/jslanscanner/module.rb

Test Cases

Q: Describe your test cases, what you have covered and if there are any use cases that still need addressing.
A:

Two new regression-guard specs:

  1. spec/beef/core/main/models/network_service_spec.rb
  2. spec/beef/core/main/models/network_host_spec.rb

These are regression guards, not TDD tests; they catch changes to the model itself.

Live verification: ran the fix end-to-end on two modules with distinct probe techniques:

  • Fingerprint Routers (modules/network/jslanscanner): hooked a Firefox browser, ran the module, scanned 27 common router IPs. All 27 results POSTed back cleanly. All 27 rows landed in network_services with ntype = 'HTTP Server'. Zero UnknownAttributeError traces in the server log. Before the fix this same module raised on the first POST and wrote zero rows.

Wiki Page

N/A — this is a pure bug fix with no new feature surface.
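
The grep step from the investigation above, written as a check that could run in CI. This is an added example, not part of the pull request or of BeEF; the constant names, method names and the sample source are constructed for illustration.

```ruby
# Added example: find NetworkHost/NetworkService.create calls that still pass `type:`.
MODELS = %w[NetworkHost NetworkService].freeze
CALL_START = /\b(?:#{MODELS.join('|')})\.create\(/
# `type:` as its own keyword, i.e. not the tail of `ntype:` or any other identifier.
BAD_KEY = /(?<![A-Za-z0-9_])type:/

# Text between the call's "(" (already consumed at `start`) and its matching ")".
# Nested parentheses are tracked; string literals are not parsed (known limitation).
def call_arguments(source, start)
  depth = 1
  i = start
  while i < source.length && depth.positive?
    depth += 1 if source[i] == '('
    depth -= 1 if source[i] == ')'
    i += 1
  end
  depth.zero? ? source[start...(i - 1)] : source[start..]
end

# 1-based line numbers of every create call on the two models that passes `type:`.
def broken_call_sites(source)
  hits = []
  source.scan(CALL_START) do
    m = Regexp.last_match
    next unless call_arguments(source, m.end(0)).match?(BAD_KEY)

    hits << (source[0...m.begin(0)].count("\n") + 1)
  end
  hits
end

# Constructed sample: one broken single-line call, one fixed call,
# one broken multi-line call, and a call on an unrelated model.
SAMPLE = <<~'RUBY'
  BeEF::Core::Models::NetworkHost.create(hooked_browser_id: session_id, ip: ip, type: 'Router')
  BeEF::Core::Models::NetworkService.create(hooked_browser_id: session_id, proto: proto.downcase, ip: ip, port: port, ntype: "#{proto} Proxy")
  BeEF::Core::Models::NetworkService.create(
    hooked_browser_id: session_id, proto: 'http',
    ip: ip, port: port.to_i, type: 'HTTP Server'
  )
  OtherModel.create(type: 'unrelated')
RUBY

puts "call sites still passing type: on lines #{broken_call_sites(SAMPLE).inspect}"
```

A plain line-by-line grep misses the multi-line call in the sample, which is why the arguments are collected up to the matching parenthesis first.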

@zinduolis added the safe_to_test label (Label to trigger tests on PR) May 27, 2026
@github-actions (bot) removed the safe_to_test label (Label to trigger tests on PR) May 27, 2026
if BeEF::Filters.is_valid_ip?(ip)
print_debug("Hooked browser found #{proto} proxy [ip: #{ip}, port: #{port}]")
BeEF::Core::Models::NetworkService.create(hooked_browser_id: session_id, proto: proto.downcase, ip: ip, port: port, type: "#{proto} Proxy")
BeEF::Core::Models::NetworkService.create(hooked_browser_id: session_id, proto: proto.downcase, ip: ip, port: port, ntype: "#{proto} Proxy")
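
Review bot: In the `NetworkService.create` call, only `ip` is checked (by `BeEF::Filters.is_valid_ip?(ip)`) before the row is written; no check on `port` or `proto` is visible in this hunk, yet both go into the record and into the `print_debug` string. Consider rejecting a `port` that is not an integer in the range 1 to 65535 and restricting `proto` to the expected values before the `create`, so the stored `ntype: "#{proto} Proxy"` value cannot carry arbitrary text.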

Hey @sethumadh,

Just to harden this area (and satisfy the CodeQL security scanner), could you please implement the catching of unexpected assignment to the proto variable? Something like below.

proto = case proxy_type
        when /PROXY/ then 'HTTP'
        when /SOCKS/ then 'SOCKS'
        else
          print_debug("Unexpected proxy_type from WPAD response: #{proxy_type.inspect}")
          next
        end

Thanks

@zinduolis added the safe_to_test label (Label to trigger tests on PR) May 29, 2026
@github-actions (bot) removed the safe_to_test label (Label to trigger tests on PR) May 29, 2026
Development

Successfully merging this pull request may close these issues.

CORS Scanner Module: ActiveModel::UnknownAttributeError
